Spartacus
Spartacus was the first ransomware that explicitly asked the user to send a public key. It is disguised as an SF.exe file and distributed through spam emails, rogue software updates and remote desktop control services.

Payload

When Spartacus is executed and opened, it will encrypt all files on the user's machine. Once files are encrypted, using them becomes impossible. Spartacus is also designed to delete Shadow Volume Copies. After these actions, Spartacus opens a pop-up window and creates a text file ("READ ME.txt"), placing a copy in every existing folder. Updated variants of this ransomware use the ".SF" extension for encrypted files.

The pop-up window and the new text file contain similar messages informing victims of the encryption. To restore data, users must contact the developers via the email address provided. They are encouraged to pay a ransom, after which they receive further decryption instructions.

It is currently unknown whether Spartacus uses symmetric or asymmetric cryptography. In any case, Spartacus appears to employ a hard-coded string similar to a private RSA key (this algorithm generates two keys - public encryption and private decryption). Regardless of the encryption algorithm used (AES, RSA, or others), decryption requires a unique key that is evidently generated individually for each victim. In fact, since Spartacus has a hard-coded key, the situation is rather confusing - it might be a decryption key or merely an attempt to trick malware security researchers.

The idea behind ransomware such as Spartacus is to extort victims - criminals hide keys on remote servers and encourage users to purchase them. Spartacus's ransom demand states that the cost depends on how soon the victim makes contact with these people. In addition, users are able to attach five selected files (up to 10MB in total), which are supposedly restored and returned as a 'guarantee' that decryption is possible.
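A triage sketch for the two on-disk indicators described above (a "READ ME.txt" note dropped in each folder and the ".SF" extension used by updated variants). This is an added example, not code from the original page; the function names, verdict labels and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from dataclasses import dataclass

NOTE_NAME = "read me.txt"  # ransom note file name given on the page (lower-cased)
ENC_EXT = ".sf"            # extension used by updated variants, per the page

@dataclass
class FolderFinding:
    path: str
    has_note: bool
    encrypted: int  # files whose name ends in .SF
    total: int      # all files in the folder except the note itself

def scan_tree(root):
    """Return one finding per folder that shows either indicator."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        names = [f.lower() for f in files]
        has_note = NOTE_NAME in names
        data = [n for n in names if n != NOTE_NAME]
        enc = sum(n.endswith(ENC_EXT) for n in data)
        if has_note or enc:
            findings.append(FolderFinding(dirpath, has_note, enc, len(data)))
    return sorted(findings, key=lambda f: f.path)

def assess(findings):
    """Coarse verdict (labels are assumptions): the note name alone is generic,
    so only a note next to .SF files in the same folder counts as strong."""
    if any(f.has_note and f.encrypted for f in findings):
        return "likely"
    return "review" if findings else "clean"

def build_sample(root):
    """Create a constructed sample tree (not real victim data)."""
    layout = {
        "docs": ["READ ME.txt", "report.docx.SF", "budget.xlsx.SF"],
        os.path.join("docs", "old"): ["READ ME.txt", "notes.txt.SF", "untouched.pdf"],
        "tools": ["README.txt", "setup.exe"],  # similar name, must not match
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in files:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for f in scan_tree(tmp):
            print(f"{f.path}: note={f.has_note} encrypted={f.encrypted}/{f.total}")
        print("verdict:", assess(scan_tree(tmp)))
```

Run against a mounted copy of the affected volume rather than the live system, so the scan does not alter file timestamps needed for the incident timeline.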
Text presented in Spartacus pop-up window:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want try restore them, write us to e-mail: MastersRecover@protonmail.com and send personal ID KEY: -

You have to pay for decryption in Bitcoins. The price depends on how you write to us. After payment w decryption tool that will decrypt all your files.

Free decryption as guarantee

Before paying can send us up to 5 files for free decryption. Total size of file must be less than 10Mb (no should not contain valuable information (databases, backups, large excel sheets, etc.)

How to obtain Bitcoins

The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click "Buy bitcoins", and safe payment method and price.
https://www.coindesk.com/information/how-can-i-buy-bitcoins/

Attention!

Write us the e-mail: will send you the archived), and files the seller by
Do not rename encrypted files.
Do not try decrypt your data using party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.